Post navigation

In another post we saw the way to configure a SSH connection to Linux without password via public/private key. To allow SSH connection without interaction (without password) to Cisco Ironport ESA (Email Security Appliance) from a Windows machine is a bit different. These are the different steps:

Generate public/private keys

To generate the keys, we will use puttygen (PuTTY Key Generator). Use this link to download it.

After pressing "Generate" button, it asks us to move the mouse to generate randomness

The keys have been generated. Optionally we can change the Key comment to "IRONPORT-key" for example.
Then we push the "Save private key" button and save it giving it any name (IRONPORT.ppk).
Same for public key (IRONPORT.pub).
Finally, copy (Ctrl+C) the public key (the text on the upper rectangle) to be used later.

Configure public Key in Ironport

To import the public key into the Cisco Ironport ESA, a CLI session must be opened to execute the sshconfig command like this example shows. The command allows us to paste the previously copied public key.

Schedule task

Finally, to automate the execution of Ironport CLI commands simply we could configure the task scheduler to execute a bat script, for example, to save a backup copy of the configuration like I explain in this post: Ironport – Schedule automation scripts on Windows

Hi , I want to find out if upgrades as available on an Ironport and if exists notify. I have tried:
plink.exe %IronPort_Name% -i %PRIVKEY% -l admin “upgrade y;”
.. and a few other options and everytime I get Invalid arguments and/or unknown options.
Any ideas?

Has anyone figured out a way to use plink (or any other method) to make configuration change and commit within the same command/script? Plink.exe seems to exit out and abandons all changes after the first command is executed. -m didn’t work for me either.